CVE-2025-27579
📋 TL;DR
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Bitaxe ESP-Miner with AxeOS firmware. Attackers can trick authenticated users into submitting malicious requests that change the miner's payout address or modify frequency/voltage settings. This affects Bitcoin miners running ESP-Miner firmware versions before 2.5.0.
💻 Affected Systems
- Bitaxe ESP-Miner with AxeOS firmware
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could redirect all mining rewards to their own wallet address, permanently stealing cryptocurrency earnings, or push hardware beyond safe limits causing physical damage to mining equipment.
Likely Case
Attackers redirect mining rewards to their own wallet addresses, stealing cryptocurrency earnings from affected miners.
If Mitigated
With proper CSRF protections and network segmentation, the attack surface is significantly reduced, though not completely eliminated if miners are exposed to untrusted networks.
🎯 Exploit Status
Exploitation requires the victim to be logged into the miner's web interface and visit a malicious website. The vulnerability is well-documented with proof-of-concept available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.5.0
Vendor Advisory: https://github.com/skot/ESP-Miner/pull/637
Restart Required: Yes
Instructions:
1. Download ESP-Miner version 2.5.0 or later from the official repository.
2. Flash the new firmware to your Bitaxe device.
3. Restart the miner to apply the update.
🔧 Temporary Workarounds
Network Segmentation
Isolate mining equipment on separate network segments without internet access
Access Control
Restrict access to miner web interfaces using firewall rules or VPN access only
🧯 If You Can't Patch
- Isolate mining equipment on a dedicated network segment without internet access
- Implement strict firewall rules to only allow management from trusted IP addresses
🔍 How to Verify
Check if Vulnerable:
Check the firmware version in the miner's web interface under System Information. If the version is below 2.5.0, the system is vulnerable.
Check Version:
Connect to miner web interface and navigate to System Information page
Verify Fix Applied:
After updating, verify the firmware version shows 2.5.0 or higher in the System Information page.
📡 Detection & Monitoring
Log Indicators:
- Unexpected changes to stratumUser/payout address in system logs
- Unauthorized configuration changes to frequency/voltage settings
Network Indicators:
- Unusual POST requests to /api/system endpoint from unexpected sources
- Configuration changes originating from non-management IP addresses
SIEM Query:
source="miner_logs" AND (event="config_change" OR event="payout_change") AND user_agent CONTAINS "browser"
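Added example (not from this advisory or the ESP-Miner project): a small Python detector for the network indicators listed above, run over constructed log lines. It assumes a simplified access-log format (client IP, method, path, Origin and Referer headers), a known miner host, and a management-network allowlist; AxeOS does not emit this exact format.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed log format (constructed for this example):
# <client_ip> <METHOD> <path> origin=<Origin header or -> referer=<Referer header or ->
LOG_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) origin=(?P<origin>\S+) referer=(?P<referer>\S+)$"
)

CONFIG_PATH = "/api/system"                # endpoint named in the advisory
STATE_CHANGING = {"POST", "PATCH", "PUT"}  # methods that can alter miner settings

def classify(line, miner_host, mgmt_nets):
    """Return a list of indicator strings for one log line; empty means benign."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    if m["method"] not in STATE_CHANGING or not m["path"].startswith(CONFIG_PATH):
        return []
    findings = []
    ip = ipaddress.ip_address(m["ip"])
    if not any(ip in net for net in mgmt_nets):
        findings.append("config change from non-management IP")
    # CSRF tell: a config change whose Origin/Referer points at a host other than the miner.
    for hdr in ("origin", "referer"):
        val = m[hdr]
        if val == "-":
            continue
        if urlsplit(val).hostname != miner_host:
            findings.append(f"cross-site {hdr}: {val}")
    return findings

def scan(lines, miner_host, mgmt_cidrs):
    """Map line index -> findings for every line that raised at least one indicator."""
    nets = [ipaddress.ip_network(c) for c in mgmt_cidrs]
    return {i: f for i, line in enumerate(lines) if (f := classify(line, miner_host, nets))}

# Constructed sample lines (not real miner logs).
SAMPLE = [
    "192.168.10.5 GET /api/system/info origin=- referer=http://192.168.10.20/",
    "192.168.10.5 PATCH /api/system origin=http://192.168.10.20 referer=http://192.168.10.20/settings",
    "192.168.10.5 PATCH /api/system origin=http://evil.example referer=http://evil.example/page.html",
    "10.0.0.9 POST /api/system origin=- referer=-",
]

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE, "192.168.10.20", ["192.168.10.0/24"]).items():
        print(idx, SAMPLE[idx], "->", findings)
```

Line 2 in the sample is the CSRF pattern: a legitimate management IP (the victim's browser) submitting a config change with a foreign Origin.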